<?php
/**
 * TomatoCMS
 *
 * LICENSE
 *
 * This source file is subject to the GNU GENERAL PUBLIC LICENSE Version 2
 * that is bundled with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://www.gnu.org/licenses/gpl-2.0.txt
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@tomatocms.com so we can send you a copy immediately.
 *
 * @copyright    Copyright (c) 2009-2010 TIG Corporation (http://www.tig.vn)
 * @license        http://www.gnu.org/licenses/gpl-2.0.txt GNU GENERAL PUBLIC LICENSE Version 2
 * @version     $Id: Plugin.php 3985 2010-07-25 16:14:44Z huuphuoc $
 * @since        2.0.0
 */

class Plugins_News_Plugin extends Tomato_Controller_Plugin
{
    public function __construct()
    {
        parent::__construct();
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module     = strtolower($request->getModuleName());
        $controller = strtolower($request->getControllerName());
        $action     = strtolower($request->getActionName());

        /**
        * Switch to admin template
        * @since 2.0.4
        */
        $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
        if (null === $viewRenderer->view) {
            $viewRenderer->initView();
        }
        $view = $viewRenderer->view;

        $privileges = $view->privilegeLoader()->getPrivileges($module);
        foreach ($privileges as $index => $privilege) {
            foreach ($privilege['privileges'] as $item) {
                $isAllowed = false;
                if ($module == (string)$item->module_name && $controller == (string)$item->controller_name
                    && $action == (string)$item->name)
                {
                    if (Zend_Auth::getInstance()->hasIdentity()) {
                        $user         = Zend_Auth::getInstance()->getIdentity();
                        /**
                        * Add 'core:message' resource that allows show the friendly error message
                        */
                        $acl = Core_Services_Acl::getInstance();
                        if (!$acl->has('core:message')) {
                            $acl->addResource('core:message');
                        }

                        /**
                        * Alway allows logged in user to access the dashboard
                        * We should NOT use:
                        * <code>
                        * $currentRouteName = Zend_Controller_Front::getInstance()->getRouter()->getCurrentRouteName();
                        * if ('core_dashboard_index' == $currentRouteName) {
                        *         $isAllowed = true;
                        * }
                        * </code>
                        * because this approach still throws exception when there are no routes matching with current URL
                        * @since 2.0.8
                        */
                        if ('core_dashboard_index' == strtolower($module . '_' . $controller . '_' . $action)) {
                            $isAllowed = true;
                        } else {
                            $isAllowed = $acl->isUserOrRoleAllowed($user->role_id, $user->user_id, $module, $controller, $action);
                        }
                    }
                    if (!$isAllowed) {
                        $forwardAction = 'deny';

                        /**
                        * DON'T use redirect! as folow:
                        * $this->getResponse()->setRedirect('/Login/');
                        */
                        $request->setModuleName('core')
                                ->setControllerName('Auth')
                                ->setActionName($forwardAction)
                                ->setDispatched(true);
                    }
                }
            }
        }
    }
}
